As computing environments change and bad actors switch tactics, most organizations will need to increase or redirect their investment in cybersecurity.
With inflation pushing up costs, the question most CFOs will seek to answer is where spending is producing the most value, said Raj Patel, cybersecurity practice leader at consultancy Plante Moran. The goal, of course, is to better protect the organization against infiltrations of its computing assets while allocating dollars efficiently.
There are five areas in which companies should be shoring up their defenses and analyzing expenditures.
Threat Detection and Monitoring
Organizations generally need to be more proactive about cybersecurity, deploying products that detect signs of intrusion early. “Invest in cyber tools and solutions that help monitor vulnerabilities and detect potential cyber threats,” said Patel. “These tools will act as an early-warning system and limit the damage from an attack.”
Identity-focused products that support a zero-trust security strategy are essential, given the increasingly large numbers of remote workers. At one time, a premium was placed on restricting access from “outside” the network. Those “inside” the network were held to a “trust-but-verify” model.
However, hyperconnected environments have obliterated those old network divisions, said Andrew Morrison, U.S. cyber risk services leader at business advisory firm Deloitte.
Today’s leading design philosophy or architectural approach to security by design is zero-trust.” – Andrew Morrison, Deloitte
“Today’s leading design philosophy or architectural approach to security by design is zero-trust,” he said. Zero-trust’s new paradigm is akin to “never trust, always verify,” and takes into consideration the complex third-party, supply chain, and business ecosystems of most organizations, Morrison said.
Hybrid and Multi-Cloud
The rapid move to the cloud and the emergence of hybrid and multi-cloud environments means companies need solutions to protect data everywhere.
Network security and endpoint security are still important, but “embracing public cloud as an architectural model means security controls need to align to the emerging requirements of hybrid infrastructure,” said Ruggero Contu, senior research director at Gartner.
Dynamic security controls support security from wherever users and devices connect. In some cases, the approach may require security delivered as a service, said Contu.
Also gaining traction are cloud-based frameworks and technologies that deliver multiple product capabilities within a single platform, like secure access service edge (SASE), extended detection and response (XDR), and endpoint protection platforms (EPP).
Courtesy- https://www.cfo.com/enterprise-risk-management/2022/01/5-cybersecurity-spending-areas-to-evaluate/